Xeno-RAT communication-model analysis and automated decryption script implementation (original title: Xeno-RAT通信模型剖析及自动化解密脚本实现)

2024-05-14 Aliyun Xeno-RAT communication-model analysis and automated decryption script implementation

https://xz.aliyun.com/t/14489

The report analyzes Xeno-RAT as an open-source remote-access tool and builds on prior Kimsuky research involving PowerShell loading of an encrypted Xeno-RAT payload. It covers configuration extraction, feature analysis, command-and-control communication behavior, and construction of a decryption workflow, making it useful for defenders tracking Xeno-RAT tradecraft in Kimsuky-linked intrusion chains.

Indicators of Compromise

Type Value First Seen Last Seen
HASH 4cf2a22b5fefa18e2ab36a1d73f79833 2024-05-14 2024-05-14
HASH 5353c15bee04dcac54f80dd7d5660b21 2024-05-14 2024-05-14
HASH 039d1f0dc21cd752cac608434b205e3c 2024-05-14 2024-05-14
HASH afb916213f3419be21a061b782793c6e 2024-05-14 2024-05-14
HASH c554ddb5db3ac1539d9ab7de049b8486 2024-05-14 2024-05-14
HASH d66568e2fd174b6cc4f5aa10d9ab9ec6 2024-05-14 2024-05-14
HASH b7c76350514a33374f4597d219d9fec1 2024-05-14 2024-05-14
HASH 5e3e4438045c426410122210759cc0c8 2024-05-14 2024-05-14
HASH 03ac674216f3e15c761ee1a5e255f06… 2024-05-14 2024-05-14
HASH 0746f23b790fd439980d155a75e6275b 2024-05-14 2024-05-14
HASH 70bfb60e65f7fbf9fbcee5c8aaa3fce7 2024-05-14 2024-05-14
HASH 4dac21b4f2984931b9710ca50329023a 2024-05-14 2024-05-14
HASH e402280a434814fd9eecb5077b8aac62 2024-05-14 2024-05-14
HASH 0e5695b84313f7ed7b86dbba80b0342a 2024-05-14 2024-05-14
HASH 86bf07899c4e9764b0752713fe6f12c9 2024-05-14 2024-05-14
HASH b1aca76ee8c1d3fec6edd3a31f9728d8 2024-05-14 2024-05-14
HASH 1e8ff2a86962488515380c6a27a775c3 2024-05-14 2024-05-14
HASH d1d9aef0ed8093ff1ed157bb4af3652c 2024-05-14 2024-05-14
